Windows Notepad is now complex enough to have a serious security flaw

You can infect your PC with malware without ever leaving Notepad, thanks to recent updates and additions. Hooray.
ExtremeTech

Microsoft Fixes Windows 11 Bug That Let Attackers Run Remote Code in Notepad

The vulnerability comes from the way Notepad handles Markdown hyperlinks. Attackers craft malicious .md files with embedded ...

Microsoft fixes Notepad flaw that could trick users into clicking malicious Markdown links

Microsoft has fixed a serious security vulnerability affecting Markdown files in Notepad. In the company’s Tuesday patch ...

Use Notepad's new Markdown feature? Update it now to ensure you're safe.

Microsoft has patched a severe security vulnerability tied to Notepad's Markdown feature. Here's what you need to know to ...
The Hacker News

Notepad++ Fixes Hijacked Update Mechanism Used to Deliver Targeted Malware

Notepad++ 8.9.2 fixes update hijack exploited to deliver malware, patches RCE flaw, and hardens WinGUp security.

Microsoft patches concerning Windows 11 Notepad security flaw

High-severity flaw fixed in Windows 11 Notepad ...

What 5 Million Apps Revealed About Secrets in JavaScript

Leaked API keys are nothing new, but the scale of the problem in front-end code has been largely a mystery - until now. Intruder's research team built a new secrets detection method and scanned 5 ...
TweakTown

Notepad++ hack detailed - and what to do if you think you might be affected

TL;DR: Notepad++ was compromised for six months, but it wasn't the software itself which the exploit leveraged, but its hosting provider. An investigation into the attack has just been concluded with ...
TechCrunch

Notepad++ says Chinese government hackers hijacked its software updates for months

The developer of the popular open source text editor Notepad++ has confirmed that hackers hijacked the software to deliver malicious updates to users over the course of several months in 2025. In a ...

Pastebin comments push ClickFix JavaScript attack to hijack crypto swaps

Threat actors are abusing Pastebin comments to distribute a new ClickFix-style attack that tricks cryptocurrency users into ...
Pocket-lint

Microsoft Notepad and Paint are getting new AI features, for some reason

John is a writer at Pocket-lint. He is passionate about all things technology, and is always keeping up with the latest smartphone and PC releases. John has previously written at MobileSyrup. When ...